High severity7.5NVD Advisory· Published Mar 20, 2025· Updated Apr 15, 2026

CVE-2024-12886

Description

An Out-Of-Memory (OOM) vulnerability exists in the ollama server version 0.3.14. This vulnerability can be triggered when a malicious API server responds with a gzip bomb HTTP response, leading to the ollama server crashing. The vulnerability is present in the makeRequestWithRetry and getAuthorizationToken functions, which use io.ReadAll to read the response body. This can result in excessive memory usage and a Denial of Service (DoS) condition.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
github.com/ollama/ollamaGo	<= 0.3.14	—

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-v464-r2r9-www7ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2024-12886ghsaADVISORY
huntr.com/bounties/f115fe52-58af-4844-ad29-b1c25f7245dfnvdWEB

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000